Lucene search
AlmaLinuxALSA-2024:4756HistoryJul 23, 2024 - 12:00 a.m.
Moderate: libuv security update
2024-07-2300:00:00
errata.almalinux.org
6
libuv
security update
ssrf
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
39.9%
libuv is a multi-platform support library with a focus on asynchronous I/O.
Security Fix(es):
- libuv: Improper Domain Lookup that potentially leads to SSRF attacks (CVE-2024-24806)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | i686 | libuv | <ย 1.42.0-2.el9_4 | libuv-1.42.0-2.el9_4.i686.rpm |
| almalinux | 9 | aarch64 | libuv | <ย 1.42.0-2.el9_4 | libuv-1.42.0-2.el9_4.aarch64.rpm |
| almalinux | 9 | x86_64 | libuv | <ย 1.42.0-2.el9_4 | libuv-1.42.0-2.el9_4.x86_64.rpm |
| almalinux | 9 | ppc64le | libuv | <ย 1.42.0-2.el9_4 | libuv-1.42.0-2.el9_4.ppc64le.rpm |
| almalinux | 9 | s390x | libuv | <ย 1.42.0-2.el9_4 | libuv-1.42.0-2.el9_4.s390x.rpm |
| almalinux | 9 | i686 | libuv-devel | <ย 1.42.0-2.el9_4 | libuv-devel-1.42.0-2.el9_4.i686.rpm |
| almalinux | 9 | aarch64 | libuv-devel | <ย 1.42.0-2.el9_4 | libuv-devel-1.42.0-2.el9_4.aarch64.rpm |
| almalinux | 9 | x86_64 | libuv-devel | <ย 1.42.0-2.el9_4 | libuv-devel-1.42.0-2.el9_4.x86_64.rpm |
| almalinux | 9 | ppc64le | libuv-devel | <ย 1.42.0-2.el9_4 | libuv-devel-1.42.0-2.el9_4.ppc64le.rpm |
| almalinux | 9 | s390x | libuv-devel | <ย 1.42.0-2.el9_4 | libuv-devel-1.42.0-2.el9_4.s390x.rpm |
Related
amazon
amazon
Medium: libuv
2024-02-29 10:03:00
nessus
nessus
Slackware Linux 15.0 / current libuv Vulnerability (SSA:2024-051-02)
2024-02-20 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : libuv vulnerability (USN-6666-1)
2024-02-28 00:00:00
AlmaLinux 8 : libuv (ALSA-2024:4247)
2024-07-03 00:00:00
osv
osv
CGA-r683-gv3c-xw6q
2024-06-06 12:26:21
CGA-qc4m-85c7-56g6
2024-06-06 12:29:01
Moderate: libuv security update
2024-07-02 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1743)
2024-05-30 00:00:00
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1766)
2024-05-30 00:00:00
Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1594)
2024-05-10 00:00:00
nvd
nvd
CVE-2024-24806
2024-02-07 22:15:10
redhat
redhat
(RHSA-2024:4756) Moderate: libuv security update
2024-07-23 15:13:18
(RHSA-2024:4247) Moderate: libuv security update
2024-07-02 13:56:08
ubuntucve
ubuntucve
CVE-2024-24806
2024-02-07 00:00:00
ubuntu
ubuntu
libuv vulnerability
2024-02-28 00:00:00
redos
redos
ROS-20240611-10
2024-06-11 00:00:00
hackerone
hackerone
oraclelinux
oraclelinux
libuv security update
2024-07-23 00:00:00
libuv security update
2024-07-02 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-24806 affecting package cmake for versions less than 3.28.2-6
2024-06-21 09:32:44
CVE-2024-24806 affecting package nodejs for versions less than 20.14.0-1
2024-06-21 09:32:44
debian
debian
[SECURITY] [DLA 3752-1] libuv1 security update
2024-03-05 21:54:56
[SECURITY] [DSA 5638-1] libuv1 security update
2024-03-10 13:02:23
prion
prion
Improper access control
2024-02-07 22:15:00
cgr
cgr
CVE-2024-24806 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2024-24806
2024-02-08 12:39:02
veracode
veracode
Server-Side Request Forgery (SSRF)
2024-02-08 08:37:09
mageia
mageia
Updated libuv packages fix security vulnerability
2024-03-22 03:19:51
slackware
slackware
[slackware-security] libuv
2024-02-20 21:14:06
cvelist
cvelist
almalinux
almalinux
Moderate: libuv security update
2024-07-02 00:00:00
cve
cve
CVE-2024-24806
2024-02-07 22:15:10
cloudfoundry
cloudfoundry
USN-6666-1: libuv vulnerability | Cloud Foundry
2024-04-04 00:00:00
debiancve
debiancve
CVE-2024-24806
2024-02-07 22:15:10
alpinelinux
alpinelinux
CVE-2024-24806
2024-02-07 22:15:10
wolfi
wolfi
CVE-2024-24806 vulnerabilities
2024-09-19 21:18:36
photon
photon
Critical Photon OS Security Update - PHSA-2024-3.0-0728
2024-02-19 00:00:00
Critical Photon OS Security Update - PHSA-2024-4.0-0568
2024-02-19 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0213
2024-02-20 00:00:00
ibm
ibm
nodejsblog
nodejsblog
Wednesday February 14 2024 Security Releases
2024-02-14 00:00:00
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AI Score
7.3
Confidence
Low
EPSS
0.001
Percentile
39.9%
Related for ALSA-2024:4756